Hello!This is my second thread in this forum. :oxx Version 0.0.3 (Alpha 3) xxxx Next Update: 0.0.4 (Alpha 4) Minor fixes ignored xxI created this guide in order to help newbies start their lives in the InfoSec area.

Your ideas make this thread better. Don't forget to post them.No time? A simple thanks to push this thread up is also of help!

Main Goal of this topic is giving the Best page to everyone on this forum or anywhere on the net who wants to start learning!Remember... "Learning is Living."

TL;DR? Your problem dude!

Now, lets begin:

xx Introduction xxSo you think you can dance? This is a really hard way to go. You can do it much easier, but the easier it becomes the less you will be learning.I personally believe that If you really want to learn something you should always take the hardest path to your goal.Again, to make this thread better, I need your help. Please post your ideas and reviews on this guide so I can make it better.

xx Types of Hackers xxWe have three kinds of hackers out there in the world:White Hat - The good guys... I mean they call them the good guys... sometimes they are the bad guys... They are the ones who protect the services/websites from getting hacked.Gray Hat - White hat during the day... Black hat during the night... I mean this is the best way to describe them... They are not good and not bad.Black Hat - Wow, these are the bad guys. They make millions in a week but with a risk of not getting the time to use that money! Well, they hack systems, bank accounts and many other things which are fun for them or $$ is involved in them .

There are more groups, they will be added in the first beta.==Well you might think that Black Hat hackers are the most awesome groups out there... Tell you what... YEAH... but wait... NO!!!! Yes, it is fun... You make millions... But, But... You will think again when I introduce you to Bubba (A character from a book I was reading a few months ago.). Let's say it's not good for now. He will be added in the beta.But there is one thing that all of the hackers share... and that's "Terminals with black background and green text!"Anyways, I will be helping you to become a h4x02!

xx LEVEL ONE: BECOME A PROGRAMMER xxThe first thing you should know when you want to become a hacker is a programming language. You might think ow yeah I know I know, I should learn PYTHON! I will smile and say No. Well Python is an awesome language to learn. Very easy. That's exactly why I am saying No to It. If you learn python now you can never become a 1337 h4x02. Why? To be a 1337 h4x02 you need to have complete knowledge on how Computers function and have complete knowledge on a certain OS (Linux, BSD etc.) it is only possible if you know the Ninja Language: Assembly . Python is a high-level programming language but Assembly is a low-level programming language. Wait what? low-level? Okay, take a look at this picture:Read these quotes:

A programming language such as C, FORTRAN, or Pascal that enables a programmer to write programs that are more or less independent of a particular type of computer. Such languages are considered high-level because they are closer to human languages and further from machine languages. In contrast, assembly languages are considered low-level because they are very close to machine languages.

The main advantage of high-level languages over low-level languages is that they are easier to read, write, and maintain. Ultimately, programs written in a high-level language must be translated into machine language by a compiler or interpreter.

The first high-level programming languages were designed in the 1950s. Now there are dozens of different languages, including Ada, Algol, BASIC, COBOL, C, C++, FORTRAN, LISP, Pascal, and Prolog.

And:

A programming language that is once removed from a computer's machine language. Machine languages consist entirely of numbers and are almost impossible for humans to read and write. Assembly languages have the same structure and set of commands as machine languages, but they enable a programmer to use names instead of numbers.

Each type of CPU has its own machine language and assembly language, so an assembly language program written for one type of CPU won't run on another. In the early days of programming, all programs were written in assembly language. Now, most programs are written in a high-level language such as FORTRAN or C. Programmers still use assembly language when speed is essential or when they need to perform an operation that isn't possible in a high-level language.

Okay... Now I hope you understand why I am telling you to learn it. No? Okay,Assembly is a low-level language and it is very similar to the language that the computer is able to understand. If you get the ability to write in it, Any high-level programming language is a piece of cake for you.xx LEVEL TWO: LEARN LINUX xxThe Second Thing to learn is Linux. Linux is an Operating System like MS Windows but it is totally Open-Source which means you have access to the code of the OS and you can Edit it and create your own version.Where can I learn to do that?!!This will get you started: http://lifehacker.com/5778882/getting-s ... lete-guideBut why Linux?Look... You might think that Windows is great why should I move on to Linux?Windows is great. But the main problem of Windows is that it's source is not available to us to edit it and hack it. Let's put it this way, Think that you're a 3-year-old kid. You are inside a small cage probably your own size. This cage gets smaller and smaller for you but there is no way out. You can't even break the cage and come out of it. Wait... you can... If you move on to Linux it is possible! In Linux you're a 3-year-old kid in space! No limits!I recommend every newbie to use Ubuntu.

Books? <Will be added in 0.0.3c (I have to check my library)>Now It's time to get wild!!

xx LEVEL THREE : DO IT THE HACKER'S WAY xxBECOME A HACKER!!Yeah! that's it! Wait... No. I'm jokin... keep on reading:Now there are two things you should read now:http://www.catb.org/esr/faqs/hacker-howto.htmlhttp://securityreliks.securegossip.com/ ... eginnings/Now...You need to setup a small lab in your Computer.Download VirtualBox.Download These OSes and install them using VirtualBox:Ubuntu 1x.xx (Latest version)Ubuntu 10.10CentOSWindows XPWindows 7Set up your small lab using VirtualBox and the OSes mentioned above. Wait? You don't know how? Google them for god's sake!And take a look at this:http://blog.rootcon.org/2012/02/10-pent ... s-you.htmlThis list shows 10 of the Best Penetration Testing Linux Distributions you might want to use to hack. These Distros are geared with the best tools to help you hack.Which one is the best? I think BackBox 2.05 Reason? Faster, No unnecessary tools.But keep in mind that most of the people use BackTrack. Why? Ask them.

Okay, now you should get your hands on some free tutorial mats out there.First thing to do is to hack your own Wireless Router. Google it. There are many videos availabe on Youtube.After that learn Metasploit. You can use SecurityTube.net megaprimers to do so or search Metasploit Unleashed in google.As Skyler said: "There is none. Thats okay. You need to learn to revel in the successes! Become a sponge and just absorb everything. When you read something you don’t understand, dont fret. Just remember it, let it serve as a placeholder, and learn about it when you can."LEARN, LEARN, LEARN.

And Remember... GOOGLE IS YOUR FRIEND (At least for now!).

Well, this thing will get updated only if I see that it's useful to you. No feedback or anything from you, This thing will be deserted forever.

Changelog:0.0.3 - Major Update 10.0.2c - Upcoming Updates Added , It took me around a day removed!0.0.2c - Colors Fix , Grey Hat image resized , Thanks Part added0.0.2b - Fixed some typing issues and many other things 0.0.2a - Added Introduction! OOYEAH!0.0.2 - Post has a new structure.0.0.1a - Introducing Colors! A new fun way of learning!

Thanks to:shadowzero - Great Ideas for new versions

I hope you like this.Please comment and tell me what you think.

Last edited by psyk0de on Wed Aug 08, 2012 6:07 pm, edited 1 time in total.

I'll give you some constructive criticism. Please don't take it the wrong way, but look at it as a way to improve your tutorial and future tutorials that you write. I think it's admirable that you want to write a guide to help newbies out, but I believe it could use a bit of work.

First, your tutorial is all over the place. Basically everything you wrote could be condensed to:

1. learn programming2. read books3. setup virtual lab4. use BackBox

However you don't actually provide any detailed information about anything. If I'm looking for a guide on how to write Android apps, and I find someting on the Internet that says "Ultimate Guide To Android Programming", and tells me nothing other than to use Google and buy a book to read, then what's the point of the guide?

If I were a newbie I wouldn't understand what you've written, therefore it's failed as a guide to newbies. What's Backtrack? What's Backbox? Why is it different? One has Flash and one doesn't? So what? Can't I install Flash on BackTrack? I should learn Assembly? Why? What can I do with it? Why is CEH better? Better than what? OSCP? SANS?

Then you talk about hacking a wireless router, but you're not going to show how it's done? So you're pointing me to another guide that does what yours doesn't?

In essence, you've created a contents page telling me, if you want to learn how to do ______, Google it.

I'm afraid that doesn't help newbies at all.

I suggest having a look at some of the other guides online, and learning from their structure and content. A thorough guide takes time, certainly more than a day to work on.

Finally, and this is just my own personal opinion, I suggest changing the title to something less script-kiddie-ish.

Again, please don't take my comments as an attack on your work. Good articles, papers, and books go through multiple drafts and reviews before they get published.

shadowzero wrote:I'll give you some constructive criticism. Please don't take it the wrong way, but look at it as a way to improve your tutorial and future tutorials that you write. I think it's admirable that you want to write a guide to help newbies out, but I believe it could use a bit of work.

Hey, Thanks. I totally understand it!

shadowzero wrote:However you don't actually provide any detailed information about anything. If I'm looking for a guide on how to write Android apps, and I find someting on the Internet that says "Ultimate Guide To Android Programming", and tells me nothing other than to use Google and buy a book to read, then what's the point of the guide?

If I were a newbie I wouldn't understand what you've written, therefore it's failed as a guide to newbies. What's Backtrack? What's Backbox? Why is it different? One has Flash and one doesn't? So what? Can't I install Flash on BackTrack? I should learn Assembly? Why? What can I do with it? Why is CEH better? Better than what? OSCP? SANS?

Thanks! Will add them in one of the alphasThe idea is also to give credit to other people who put time to write their own guides.As you can see I added some links to the writer of the Jargon File and Skyler.

shadowzero wrote:Then you talk about hacking a wireless router, but you're not going to show how it's done? So you're pointing me to another guide that does what yours doesn't?

My point here is to encourage the reader to google things. When someone can do it much better than me, for example a youtube video, why should I create one myself when there is one available much better than mine?And... If I mine everything from the Internet and put them here, then what is the reader gonna do? Read this and become a hacker? No. Some of the mining should be done by the reader. Some people googled and found this page. They can google more!If I want to cover everything then I should make a 5,000 paged PDF File.I am not saying NO to it, but the priority is low.

shadowzero wrote: I suggest having a look at some of the other guides online, and learning from their structure and content. A thorough guide takes time, certainly more than a day to work on.

Finally, and this is just my own personal opinion, I suggest changing the title to something less script-kiddie-ish.

Mate, why didn't you read the part that says 0.0.1 alpha 1?Title is okay, I like it.

A bit all over the place. I agree with Shadowzero. Needs a bit more structure.

As for networking, yes, very important to know the fundamentals of networking. If one doesn't learn the basics of networking, it could be very difficult to write an exploit that will need to traverse a network without user intervention. Also if you are shooting for teaching someone pen testing, then it becomes that much more important to know this.

If you are talking Hacker in the purest form, well all you need to get started is a desire to see how things work, how they can be broken and how they can be made better. After all that is where it started, shoot one could say Thomas Edison was a hacker.

As for the hats... grey hats are more about the curiosity. They will hack things just to hack them but are not in it for any real personal gain. They hack for the pure challenge of it all. White hats, well they basically are given permission to hack something. Black hats, yep, the bad guy, but they don't always make millions of dollars. Some of them make very little and those that might make a good payday, may not live long enough to spend it. Those that are probably doing well, you will never know about since that is what they are paid to do. They develop methods that make it nearly impossible to detect them on your network. They have a mission and they are the most patient. They create custom malware on-the-fly in order to stay ahead of your defenses. They know networking, they know hardware and they know how to code. Or they are part of a team where someone else may be coding while another is dropping the payloads.

Other than that, it is good practice writing such material, but try to make it your own. Throw in your own experiences, recommendations etc... For instance one thing I found while working through some of the courses, the material is not always updated and does not always match up to companion material. You may need to do some additional research in order to make something work. Don't take things at face value. For example, I am reading through Practical Malware Analysis, some of the labs for Dynamic analysis require you to use certain pieces of software to monitor malware activity. They reference FakeNET and ApateDNS, but they don't really explain how to use them. So I improvised, I used ApateDNS to force a system to send DNS requests to my REMnux system running a fake DNS tool. FakeNET would have been cooler to use but just couldn't find decent info in the small time I had to work the lab.

Keep at it, and don't rush the content. Spend some time to research, try out some things you find and then add a bit of personal touch to the guide.